Zend Framework 2 Acl using a module and plugin


This is my first attempt at using ZF2's new module system with Zend's access control list (ACL) implementation for privilege management. More information on "Zend\Permissions\Acl" can be found on Zend's website here.

This tutorial is based on the ZendFramework 2 Skeleton App from here. I'm sure there are other ways of accomplishing this but this is how I learned how to do it.

The module I created, "MyAcl", sets up roles, resources and permissions to grant or deny access to requested pages. You should already have the "Application" and "Album" modules set up in order to test out the "MyAcl" module.

For this example, my app's root is "ZendSkeletonApplication". From the skeleton app you should already have two modules there called "Album" and "Application".

Now we're going to add a new module called "MyAcl". Create a new folder in "ZendSkeletonApplication/module" called "MyAcl". The directory structure will be "ZendSkeletonApplication/module/MyAcl".

$matchedRoute = $router->match($request);
if (null !== $matchedRoute) {
    $sharedManager->attach(
        'Zend\Mvc\Controller\AbstractActionController',
        'dispatch',
        function ($e) use ($sm) {
            // pass to the plugin...
            $sm->get('ControllerPluginManager')->get('MyAclPlugin')->doAuthorization($e);
        },
        2
    );
}
} // closes the enclosing method, whose opening is not shown in this excerpt

use Zend\Mvc\Controller\Plugin\AbstractPlugin,
Zend\Session\Container as SessionContainer,
Zend\Permissions\Acl\Acl,
Zend\Permissions\Acl\Role\GenericRole as Role,
Zend\Permissions\Acl\Resource\GenericResource as Resource;

public function doAuthorization($e)
{
    // set ACL
    $acl = new Acl();
    $acl->deny(); // on by default
    //$acl->allow(); // this will allow every route by default so then you have to explicitly deny all routes that you want to protect.

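    // get the action name
    $actionName = strtolower($routeMatch->getParam('action', 'not-found'));
    // get the controller name
    $controllerName = $routeMatch->getParam('controller', 'not-found');
    // array_pop() takes its argument by reference, so explode() into a variable first
    $controllerParts = explode('\\', $controllerName);
    $controllerName = strtolower(array_pop($controllerParts));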

In the example above, we set two permissions to deny anonymous users access to two routes: "zf2-tutorial.com/album/hello" and "zf2-tutorial.com/album/song". They will be redirected to "zf2-tutorial.com/application".
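A deny-by-default rule set of the kind described above, as an added example that is not the tutorial's own plugin code. It assumes zendframework/zend-permissions-acl is installed through Composer; the role names, resource names, privileges and the helper isRequestAllowed() are hypothetical, and the sample requests are constructed.

```php
<?php
// Added example: assumes Composer's autoloader and zend-permissions-acl.
require 'vendor/autoload.php';

use Zend\Permissions\Acl\Acl;

// Role, resource and privilege names are assumptions for illustration.
function buildAcl()
{
    $acl = new Acl();                   // a fresh Acl denies everything
    $acl->addRole('anonymous');
    $acl->addRole('user', 'anonymous'); // 'user' inherits anonymous grants

    $acl->addResource('application');
    $acl->addResource('album');

    // Allow-list only what each role needs. album/hello and album/song
    // are never granted to 'anonymous', so they stay denied for it.
    $acl->allow('anonymous', 'application', 'index');
    $acl->allow('anonymous', 'album', 'index');
    $acl->allow('user', 'album', array('hello', 'song'));

    return $acl;
}

// Fail closed: isAllowed() throws for an unregistered role or resource,
// so check first and treat anything unknown as denied.
function isRequestAllowed(Acl $acl, $role, $controller, $action)
{
    if (!$acl->hasRole($role) || !$acl->hasResource($controller)) {
        return false;
    }
    return $acl->isAllowed($role, $controller, $action);
}

$acl = buildAcl();
// Constructed sample requests: role, controller, action.
$requests = array(
    array('anonymous', 'album', 'index'),
    array('anonymous', 'album', 'hello'),
    array('user', 'album', 'song'),
    array('anonymous', 'not-found', 'not-found'), // the getParam() fallback
);
foreach ($requests as $r) {
    list($role, $controller, $action) = $r;
    $verdict = isRequestAllowed($acl, $role, $controller, $action) ? 'allow' : 'deny';
    printf("%-9s %s/%s => %s\n", $role, $controller, $action, $verdict);
}
```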

application.config.php (In "ZendSkeletonApplication/config")

<?php
return array(
    // This should be an array of module namespaces used in the application.
    'modules' => array(
        'Application',
        'Album',
        'MyAcl',
    ),

    // These are various options for the listeners attached to the ModuleManager
    'module_listener_options' => array(
        // This should be an array of paths in which modules reside.
        // If a string key is provided, the listener will consider that a module
        // namespace, the value of that key the specific path to that module's
        // Module class.
        'module_paths' => array(
            './module',
            './vendor',
        ),

        // An array of paths from which to glob configuration files after
        // modules are loaded. These effectively override configuration
        // provided by modules themselves. Paths may use GLOB_BRACE notation.
        'config_glob_paths' => array(
            'config/autoload/{,*.}{global,local}.php',
        ),
    ),
);

Comments

Thanks for your nice tutorial. But I can not run it. It says -
Fatal error: Class 'MyAcl\Controller\Plugin\MyAclPlugin' not found in D:\xampp\htdocs\ZendSkeletonApplication-Acl-Module-Plugin\vendor\zendframework\zendframework\library\Zend\ServiceManager\AbstractPluginManager.php on line 170
Would you please help me to figure out this problem?